Same treatment for Pixelfed

services/fediversity/default.nix

@@ -9,7 +9,7 @@ in
   imports = [
     ./garage
     ./mastodon
-    ./pixelfed.nix
+    ./pixelfed
     ./peertube
   ];
 
@@ -27,8 +27,6 @@ in
         '';
       };
 
-      pixelfed.enable = mkEnableOption "default Fediversity Pixelfed configuration";
-
       temp = mkOption {
         description = "options that are only used while developing; should be removed eventually";
         default = { };
@@ -41,23 +39,6 @@ in
           };
         };
       };
-
-      internal = mkOption {
-        description = "options that are only meant to be used internally; change at your own risk";
-        default = { };
-        type = types.submodule {
-          options = {
-            ## REVIEW: Do we want to recreate options under
-            ## `fediversity.internal` or would we rather use the options from
-            ## the respective services? See Taeer's comment:
-            ## https://git.fediversity.eu/taeer/simple-nixos-fediverse/pulls/22#issuecomment-124
-            pixelfed.domain = mkOption {
-              type = types.str;
-              default = "pixelfed.${config.fediversity.domain}";
-            };
-          };
-        };
-      };
     };
   };
 

services/fediversity/pixelfed.nix

@@ -1,92 +0,0 @@
-let
-  snakeoil_key = {
-    id = "GKb5615457d44214411e673b7b";
-    secret = "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
-  };
-in
-
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
-  fediversity.garage = {
-    ensureBuckets = {
-      pixelfed = {
-        website = true;
-        # TODO: these are too broad, after getting everything works narrow it down to the domain we actually want
-        corsRules = {
-          enable = true;
-          allowedHeaders = [ "*" ];
-          allowedMethods = [ "GET" ];
-          allowedOrigins = [ "*" ];
-        };
-      };
-    };
-    ensureKeys = {
-      pixelfed = {
-        inherit (snakeoil_key) id secret;
-        ensureAccess = {
-          pixelfed = {
-            read = true;
-            write = true;
-            owner = true;
-          };
-        };
-      };
-    };
-  };
-
-  services.pixelfed = {
-    enable = true;
-    domain = config.fediversity.internal.pixelfed.domain;
-
-    # TODO: secrets management!!!
-    secretFile = pkgs.writeText "secrets.env" ''
-      APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
-    '';
-
-    ## Taeer feels like this way of configuring Nginx is odd; there should
-    ## instead be a `services.pixefed.nginx.enable` option and the actual Nginx
-    ## configuration should be in `services.nginx`. See eg. `pretix`.
-    ##
-    ## TODO: If that indeed makes sense, upstream.
-    nginx = {
-      forceSSL = true;
-      enableACME = true;
-      # locations."/public/".proxyPass = "${config.fediversity.garage.web.urlForBucket "pixelfed"}/public/";
-    };
-  };
-
-  services.pixelfed.settings = {
-    ## NOTE: This depends on the targets, eg. universities might want control
-    ## over who has an account. We probably want a universal
-    ## `fediversity.openRegistration` option.
-    OPEN_REGISTRATION = true;
-
-    # DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
-    FILESYSTEM_CLOUD = "s3";
-    PF_ENABLE_CLOUD = true;
-    AWS_ACCESS_KEY_ID = snakeoil_key.id;
-    AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
-    AWS_DEFAULT_REGION = "garage";
-    AWS_URL = config.fediversity.garage.web.urlForBucket "pixelfed";
-    AWS_BUCKET = "pixelfed";
-    AWS_ENDPOINT = config.fediversity.garage.api.url;
-    AWS_USE_PATH_STYLE_ENDPOINT = false;
-  };
-
-  ## Only ever run `pixelfed-data-setup` after `ensure-garage` has done its job.
-  ## Otherwise, everything crashed dramatically.
-  systemd.services.pixelfed-data-setup = {
-    after = [ "ensure-garage.service" ];
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
-}

services/fediversity/pixelfed/default.nix

@@ -0,0 +1,96 @@
+let
+  snakeoil_key = {
+    id = "GKb5615457d44214411e673b7b";
+    secret = "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
+  };
+in
+
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ./options.nix ];
+
+  config = lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
+    fediversity.garage = {
+      ensureBuckets = {
+        pixelfed = {
+          website = true;
+          # TODO: these are too broad, after getting everything works narrow it down to the domain we actually want
+          corsRules = {
+            enable = true;
+            allowedHeaders = [ "*" ];
+            allowedMethods = [ "GET" ];
+            allowedOrigins = [ "*" ];
+          };
+        };
+      };
+      ensureKeys = {
+        pixelfed = {
+          inherit (snakeoil_key) id secret;
+          ensureAccess = {
+            pixelfed = {
+              read = true;
+              write = true;
+              owner = true;
+            };
+          };
+        };
+      };
+    };
+
+    services.pixelfed = {
+      enable = true;
+      domain = config.fediversity.pixelfed.domain;
+
+      # TODO: secrets management!!!
+      secretFile = pkgs.writeText "secrets.env" ''
+        APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
+      '';
+
+      ## Taeer feels like this way of configuring Nginx is odd; there should
+      ## instead be a `services.pixefed.nginx.enable` option and the actual Nginx
+      ## configuration should be in `services.nginx`. See eg. `pretix`.
+      ##
+      ## TODO: If that indeed makes sense, upstream.
+      nginx = {
+        forceSSL = true;
+        enableACME = true;
+        # locations."/public/".proxyPass = "${config.fediversity.garage.web.urlForBucket "pixelfed"}/public/";
+      };
+    };
+
+    services.pixelfed.settings = {
+      ## NOTE: This depends on the targets, eg. universities might want control
+      ## over who has an account. We probably want a universal
+      ## `fediversity.openRegistration` option.
+      OPEN_REGISTRATION = true;
+
+      # DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
+      FILESYSTEM_CLOUD = "s3";
+      PF_ENABLE_CLOUD = true;
+      AWS_ACCESS_KEY_ID = snakeoil_key.id;
+      AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
+      AWS_DEFAULT_REGION = "garage";
+      AWS_URL = config.fediversity.garage.web.urlForBucket "pixelfed";
+      AWS_BUCKET = "pixelfed";
+      AWS_ENDPOINT = config.fediversity.garage.api.url;
+      AWS_USE_PATH_STYLE_ENDPOINT = false;
+    };
+
+    ## Only ever run `pixelfed-data-setup` after `ensure-garage` has done its job.
+    ## Otherwise, everything crashed dramatically.
+    systemd.services.pixelfed-data-setup = {
+      after = [ "ensure-garage.service" ];
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}

services/fediversity/pixelfed/options.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+
+let
+  inherit (lib) mkOption mkEnableOption;
+  inherit (lib.types) types;
+
+in
+{
+  options.fediversity.pixelfed = {
+    enable = mkEnableOption "Enable a Pixelfed server on the machine";
+
+    domain = mkOption {
+      type = types.str;
+      description = "Internal option — change at your own risk";
+      default = "pixelfed.${config.fediversity.domain}";
+    };
+  };
+}